What is CVE-2020-7454?

CVE-2020-7454 is a vulnerability in the FreeBSD Kernel that allows remote attackers to execute arbitrary code.

Is authentication required to exploit CVE-2020-7454?

No, authentication is not required to exploit this vulnerability.

How severe is CVE-2020-7454?

CVE-2020-7454 has a severity rating of 9.8, which is classified as critical.

How can I fix CVE-2020-7454?

To fix CVE-2020-7454, update to the latest version of FreeBSD Kernel and apply any available patches.

Where can I find more information about CVE-2020-7454?

You can find more information about CVE-2020-7454 in the FreeBSD Security Advisory (FreeBSD-SA-20:12.libalias.asc) and the ZeroDayInitiative advisories (ZDI-20-660 and ZDI-20-659).

Vulnerability/
CVE-2020-7454

critical

9.8

CWE

20 787

13/5/2020

4/8/2024

CVE-2020-7454: FreeBSD Kernel NAT Out-Of-Bounds Access Remote Code Execution Vulnerability

First published: Wed May 13 2020(Updated: )

In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	=11.3
FreeBSD FreeBSD	=11.3-p1
FreeBSD FreeBSD	=11.3-p2
FreeBSD FreeBSD	=11.3-p3
FreeBSD FreeBSD	=11.3-p4
FreeBSD FreeBSD	=11.3-p5
FreeBSD FreeBSD	=11.3-p6
FreeBSD FreeBSD	=11.3-p7
FreeBSD FreeBSD	=11.3-p8
FreeBSD FreeBSD	=11.4
FreeBSD FreeBSD	=11.4-beta1
FreeBSD FreeBSD	=12.1
FreeBSD FreeBSD	=12.1-p1
FreeBSD FreeBSD	=12.1-p2
FreeBSD FreeBSD	=12.1-p3
FreeBSD FreeBSD	=12.1-p4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-7454?
CVE-2020-7454 is a vulnerability in the FreeBSD Kernel that allows remote attackers to execute arbitrary code.
Is authentication required to exploit CVE-2020-7454?
No, authentication is not required to exploit this vulnerability.
How severe is CVE-2020-7454?
CVE-2020-7454 has a severity rating of 9.8, which is classified as critical.
How can I fix CVE-2020-7454?
To fix CVE-2020-7454, update to the latest version of FreeBSD Kernel and apply any available patches.
Where can I find more information about CVE-2020-7454?
You can find more information about CVE-2020-7454 in the FreeBSD Security Advisory (FreeBSD-SA-20:12.libalias.asc) and the ZeroDayInitiative advisories (ZDI-20-660 and ZDI-20-659).

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/author
agent/weakness
agent/references
agent/description
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-20-659
alias/ZDI-CAN-10624
alias/CVE-2020-7454
agent/software-canonical-lookup
alias/ZDI-20-660
alias/ZDI-CAN-10849
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/11.3
version/freebsd freebsd/11.3-p1
version/freebsd freebsd/11.3-p2
version/freebsd freebsd/11.3-p3
version/freebsd freebsd/11.3-p4
version/freebsd freebsd/11.3-p5
version/freebsd freebsd/11.3-p6
version/freebsd freebsd/11.3-p7
version/freebsd freebsd/11.3-p8
version/freebsd freebsd/11.4
version/freebsd freebsd/11.4-beta1
version/freebsd freebsd/12.1
version/freebsd freebsd/12.1-p1
version/freebsd freebsd/12.1-p2
version/freebsd freebsd/12.1-p3
version/freebsd freebsd/12.1-p4
canonical/freebsd kernel